package com.leo.auth.filter;

import com.leo.auth.mapper.PermissionMapper;
import lombok.AllArgsConstructor;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Component;
import java.util.Collection;
import java.util.Collections;

/**
 * <p>
 * 自定义安全元数据源
 * </p>
 *
 * @author ：Leo
 * @since ：2021-04-09 9:30
 */
@Component
@AllArgsConstructor
public class CustomFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
    private final PermissionMapper permissionMapper;

    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
        //获取请求地址
        String requestUrl = ((FilterInvocation) object).getRequestUrl();
        //查询那些权限可以访问这个接口
        String[] permissionCode =  permissionMapper.selectListByPath(requestUrl);
        return SecurityConfig.createList(permissionCode);
    }

    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return Collections.emptyList();
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }


}
